IT Security News Blast 6-13-2017

The SEC Is Picking Up The Pace Of Cyberattack Enforcement

Cyber hackers are targeting the accounts of brokerage firms to steal assets and/or make illegal trades at an increasing rate, which has prompted securities regulators in the U.S. to shift their focus to this growing trend, reported Reuters. […] “I think we will see the cyber threat continue to emerge,” Avakian said in the same interview. Both told Reuters that enforcement efforts at the SEC will continue to be vigorous.

HHS gives providers cyber-attack advice

The HHS guide offers HIPAA-covered entities step-by-step recommendations for how to handle a cyber-related event, such as a ransomware attack, beginning with immediately executing their response procedures and contingency plan. Providers should fix any technical issues and stop the incident. They then should mitigate any impermissible disclosure of protected health data whether through in-house efforts or with help from an outside entity.

HHS cybersecurity center offering much more than a Band-Aid for health IT cyber attacks

HHS officials recently testified before Congress that the center did exactly what it was intended to do during last month’s WannaCry ransomware attack, and further proved the point that paralyzing cyber attacks on health IT are only a click away. “In the recent WannaCry immobilization, HCCIC analysts provided early warning of the potential impact of the attack and HHS responded by putting the secretary’s operations center on alert,” said Leo Scanlon, deputy chief information security officer at HHS, during a June 8 House energy and commerce subcommittee hearing.

3 things you need to know about cybersecurity in an IoT and mobile world

To sum it all up, here are the three things you need to know about cybersecurity in a world that is increasingly dominated by mobile technology and the Internet of Things.

  1. Mobile is now the standard
  2. IoT complexity brings tremendous risk
  3. Cybersecurity is now a public safety concern

Bill to provide Congressional oversight of military cyber operations introduced in House

“Over the past few years, military cyber operations have evolved, and as the evolution and maturation of both defensive and offensive operations continues, it is crucial that we establish clear standards, processes, and procedures for notification to Congress of sensitive operations,” Smith said. […] “Cyberspace is a critical front on the 21st Century Battlefield,” Stefanik said. “Our adversaries including North Korea, China, Iran, and Russia are actively investing and developing their cyber capabilities, and we must continue to modernize and develop ours as well.”

Russian hackers compromised top political and media figures with blackmail, cyber experts warn

Tom Kellermann, the former Trend Micro official, notified U.S. law enforcement and intelligence officials two years ago that Russian-backed hackers were able to turn on microphones and cameras on their targets’ personal devices to gain sensitive information about their personal lives. The cybersecurity expert believes that campaign had successfully compromised some influential political and media figures. “When you wonder why certain people act certain ways, you have to remember these people have been warned that their dirty laundry could be aired,” said Kellermann, now CEO of Strategic Cyber Ventures.

Israeli hackers pulled off something few other nations have

Israeli government hackers were recently able to do something few others have been able to manage: They hacked the Islamic State. […] Israeli hackers learned that bomb designers were focused on constructing explosives that look a hell of a lot like laptop batteries, built to make it through airport x-ray machines. (This, by the way, is the intel that United States President Donald Trump spilled to Russian government officials at the White House not too long ago).

Israeli Intelligence Discovered IS Plans for Laptop Bomb: Report

It said the Israeli hackers penetrated the small Syria-based cell of bombmakers months ago, an effort that led to the March 21 ban on carry-on laptops and other electronics larger than cellphones on direct flights to the United States from 10 airports in Turkey, the Middle East and North Africa. The Israeli cyber-penetration “was how the United States learned that the terrorist group was working to make explosives that fooled airport X-ray machines and other screening by looking exactly like batteries for laptop computers,” the Times said.

How Russia Targets the U.S. Military

In addition to propaganda designed to influence service members and veterans, Russian state actors are friending service members on Facebook while posing as attractive young women to gather intelligence and targeting the Twitter accounts of Defense Department employees with highly customized phishing attacks. The same Russian military hacking group that breached the Democratic National Committee, Fancy Bear, was also responsible for publicly posting stolen Army data online while posing as supporters of the Islamic State in 2015, according to the findings of one cybersecurity firm.

New Idaho Cybersecurity Chief

The appointment follows an executive order Otter signed in January implementing recommendations from a Cybersecurity Task Force the Republican governor created in 2015. The task force, led by Lt. Gov. Brad Little, recommended appointing a director of information security to lead efforts to detect, identify and thwart cyber attacks against the state. The Idaho Legislature has already allocated $180,000 to the position. Weak will take over his new role Aug. 1.

Senior U.S. cybersecurity specialists made average of roughly $118K in Q1, researcher notes

Also in the U.S. during Q1:

  • Senior information security analysts were paid an average of $115,212, while non-senior infosec analysts in Q1 released an average salary of $92,179.
  • Senior security administrators earned an average $88,526, while non-senior admins averaged $75,847 in salary.
  • Security architects earned an average of $123,009.

Russia has developed a cyberweapon that can disrupt power grids, according to new research

The malware, which researchers have dubbed CrashOverride, is known to have disrupted only one energy system in Ukraine in December. In that incident, the hackers briefly shut down one-fifth of the electric power generated in Kiev. But with modifications, it could be deployed against U.S. electric transmission and distribution systems to devastating effect, said Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that studied the malware and issued a report Monday.

Meet Industroyer – the biggest cyber threat to critical infrastructure since Stuxnet

According to ESET, what sets Industroyer apart from other malware targeting infrastructure is the use of four payload components that target particular communication protocols. It said that this showed that the author had a deep knowledge and understanding of industrial control systems. The malware is also equipped with features to enable it to remain under the radar, to ensure the malware’s persistence and to wipe all traces of itself after it’s completed its job.

This hypnotic, terrifying map charts cyberattacks in real-time

The Kaspersky real-time map charts a web of malware detection. It includes nefarious activity picked up across email servers and malicious software transferred when visits are paid to particular websites. It presents you with an image of the globe, and lines of colour marked against it that signify the number of cyber attacks currently underway in each country. Click on a country, and it will take you to a more in-depth data set so you can track threats locally.

Hackers marketing the most sophisticated Mac malware ever

Advertised as the most sophisticated Mac spyware ever, MacSpy was discovered by security researchers at AlienVault. The service lowers the barrier of entry for actors by giving non-technical users the ability to carry out attacks. […] MacSpy is able to capture a screenshot from the victim’s computer every 30 seconds, providing a regular glimpse at the user’s activity. It also installs a keylogger that records every keystroke entered on the computer, allowing the attacker to gain access to a user’s login credentials if entered while the malware is active.

You can now hire hackers to see if your other half is cheating on you

Hackers are now offering cut-price deals for jealous lovers to steal their other half’s computer or social media passwords using phishing attacks. Prices range from $50 (£40), according to a Motherboard investigation, and hackers are easy to find by Googling certain terms. The hackers-for-hire are often located in countries such as Romania or China, and will target loved ones with a spear phishing email.

Spy apps for smart phones appeal to the little dictator in all of us

The cost of electronic espionage has dropped, and apps offer services that cost as little as $30 a month for a gamut of capabilities that were once a monopoly of governments. Some of the spyware apps have names like mSpy, Mobistealth, Highster Mobile, Easy Spy, Spyera and FlexiSPY. The global market for “lawful interception” technology and software will soar to $1.3 billion by 2019, according to MarketsandMarkets, a research company based in Pune, India.

Facing limits of remote hacking, Army cybers up the battlefield

[The] Army Cyber Command recently experimented with putting “cyber soldiers” in the field as part of an exercise at the Army’s National Training Center at Fort Irwin, California. In addition to fielding troops to provide defensive and offensive cyber capabilities for units coming into NTC for training, the Army has also been arming its opposition force (the trainers) with cyber capabilities to demonstrate their impact.

Raspberry Pi sours thanks to mining malware

Anti-virus vendor Dr. Web has found something nasty: malware named Linux.MulDrop.14 that turns the Raspberry Pi into a cryptocurrency mining machine. To catch the malware you’ll need to leave your rPi on with SSH ports open. If you’ve done so and the malware’s scripts make their way in to your Pi, they’ll install zmap, sshpass and the mining code. […] Once that’s happened, the malware uses zmap and “searches for network nodes with an open port 22, after that it uses sshpass to log into them with the following login:password pair: pi:raspberry, and then to save and run its copy.”

Stolen UAE InvestBank, Qatar National Bank Data Sold on Dark Web

In the Sharjah-based InvestBank’s case, a hacker leaked a 10GB file containing personal and financial details of customers and clients including thousands of records showing full names of account holders, addresses, passport numbers, phone numbers, account numbers, credit card numbers along with their CVV codes and other highly confidential data.

Ex-Admin Deletes All Customer Data and Wipes Servers of Dutch Hosting Provider

Verelox, a provider of dedicated KVM and VPS servers based in The Hague, Netherlands, suffered a catastrophic outage after a former administrator deleted all customer data and wiped most of the company’s servers. […] Verelox’s homepage came back online earlier today, but the website was plastered with a grim message informing users of the ex-admin’s actions. Following the incident, the hosting provider decided to take the rest of its network offline and focus on recovering customer data.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.